Bob Griffin

Bob Griffin is Chief Security Architect at RSA, the Security Division of EMC, where he is responsible for technical architecture, standards and strategy, particularly for RSA’s data security products. He represents EMC to several standards organizations, including as co-chair of the OASIS Key Management Interoperability Protocol (KMIP) technical committee. Bob has extensive experience in security strategy, corporate governance, business process transformation and software development. He has had the primary architectural responsibility for a number of production systems environments and for major software engineering projects at RSA, Entrust and Digital Equipment Corporation. He is a frequently requested speaker for professional and industry conferences and has instructed courses within both professional and university settings.

Re-invigorating the PKCS #11 Standard

One of the most important and widely-deployed cryptographic standards is PKCS #11, one of the family of PKCS standards that RSA initiated in the 1990s. The PKCS #11 standard specifies an API, called Cryptoki, for devices that hold cryptographic information and perform cryptographic functions. The API follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices), presenting to applications a common, logical view of the device, called a cryptographic token.

The Digital Universe and the Smart Grid

Among the materials associated with their just-released report on the Digital Universe, IDC has just posted a new YouTube video of John Gantz and David Reinsel, called “The Digital Universe and the Internet of Things,” discussing the implications of this massive explosion of data.

Investing in Information Security for the Digital Universe

IDC has just released an important new study by John Gantz and David Reinsel on The Digital Universe in 2020 that includes an important discussion of the security and privacy implications for the explosion of data in the digital universe. As the report calls out, “The rise in mobility and participation in social networks, the [...]

Thought Leadership for the Trusted Cloud

I was in Stockholm a couple of weeks ago to speak at an EMC Forum and was able to sit in on the keynote, given by Chad Sakac. As anyone who has attended EMCworld knows, Chad is a great speaker: energetic, interesting and insightful. His keynote explored the theme of transformation, including the transformation of [...]

Gamesec 2012: The Intersection of Game Theory and Security

As I mentioned in an earlier blog, I was in Budapest in early November for the 3rd annual Gamesec conference, described in this way on their web site: “The GameSec conference aims to bring together researchers who aim to establish a theoretical foundation for making resource allocation decisions that balance available capabilities and perceived security risks in a principled manner.” Many of the conference sessions did indeed look at resource allocation decisions, from both theoretical and practical perspectives.

Applying Game Theory to Cybersecurity: Game Theory at RSA Conference Europe 2012

In “The Game of Cybersecurity”, I suggested that we as security professionals should be doing more to take advantage of game theory for the insights it can provide into the threats that we face and into effective strategies for cyber defense. As it turns out, there were several presentations at RSA Conference Europe 2012 [...]

Unity in Multiplicity

I was in Abu Dhabi last week, speaking at Khalifa University in a conference on cloud computing. Never having been in Abu Dhabi before, I found many things new and unfamiliar, but also wonderful – particularly so, that evening, when we had dinner at a restaurant that looked across the water to the Shaikh Zayed [...]

Security Introspection for Map Reduce

As I mentioned in an earlier blog, among the sessions on big data at RSA Conference China was Samir Saklikar’s presentation on Embedding Security and Trust Primitives in Map Reduce. Samir is in the RSA Office of the CTO and has been focused on big data security for more than a year, exploring the security and privacy issues for big data, the application of current security technology to those security requirements and the definition of new capabilities that would provide significant benefits in addressing those issues.

Wrapped up in Keys

I spent a week in the US recently working on key management in a single-minded way that I rarely have the opportunity for these days. First there was a two-day Key Management Workshop at NIST. Day one focused on review of the SP 800-130 Key Management Framework and the SP 800-152 Key Management Profile. Day [...]

Security Strategy and Big Data

There’s been quite a lot of discussion recently about applying big data to improving security. My colleagues Rashmi Knowles and Barrett Mononen have written a couple of blogs about it. Our RSA/Netwitness CSO Eddie Schwartz spoke about it at RSA Conference China and the Splunk IPO in April certainly created lots of buzz around big [...]